def _get_policy(self, key): pid = self.redis.uget(key) policy = Policy() if not pid: return policy for constraint in Policy.attributes: if constraint == 'owner': policy.owner = self.redis.uget('pid:%s:owner' % pid) if policy.owner == '': policy.owner = None else: key = 'pid:%s:%s' % (pid, constraint) values = self.redis.smembers(key) setattr(policy, constraint, [value.decode( self.redis.encoding) for value in values]) return policy
def _map_policy(self, spolicy): policy = Policy() policy.owner = spolicy.owner for field in Policy.attributes: if field == 'owner': continue setattr(policy, field, self._map_policy_rule(getattr(spolicy, field))) return policy
def test_policy_equal(): policy1 = Policy() policy2 = Policy() policy1.owner = 'frank' policy1.read = ['cow', 'moo'] policy2.owner = 'frank' policy2.read = ['cow', 'moo'] assert policy1 == policy2 policy2.read = ['cow', 'noo'] assert policy1 != policy2 policy2.read = ['cow', 'moo'] policy2.owner = 'sam' assert policy1 != policy2
def _map_policy(self, spolicy): policy = Policy() policy.owner = spolicy.owner for field in Policy.attributes: if field == 'owner': continue setattr(policy, field, self._map_policy_rule(getattr(spolicy, field))) return policy
def test_policy_equal(): policy1 = Policy() policy2 = Policy() policy1.owner = 'frank' policy1.read = ['cow', 'moo'] policy2.owner = 'frank' policy2.read = ['cow', 'moo'] assert policy1 == policy2 policy2.read = ['cow', 'noo'] assert policy1 != policy2 policy2.read = ['cow', 'moo'] policy2.owner = 'sam' assert policy1 != policy2
def _make_policy(member): """ Make a new private policy with the named member. """ policy = Policy() policy.owner = member for constraint in ('read', 'write', 'create', 'delete', 'manage'): setattr(policy, constraint, [member]) policy.accept = ['NONE'] return policy
def _make_policy(member): """ Make a new private policy with the named member. """ policy = Policy() policy.owner = member for constraint in ('read', 'write', 'create', 'delete', 'manage'): setattr(policy, constraint, [member]) policy.accept = ['NONE'] return policy
def _load_policy(self, spolicy): policy = Policy() for pol in spolicy: principal_name = pol.principal_name if pol.principal_type == 'R': principal_name = 'R:%s' % principal_name if pol.constraint == 'owner': policy.owner = principal_name else: principals = getattr(policy, pol.constraint, []) principals.append(principal_name) setattr(policy, pol.constraint, principals) return policy
def _load_policy(self, spolicy): policy = Policy() if spolicy is not None: for pol in spolicy: principal_name = pol.principal_name if pol.principal_type == 'R': principal_name = 'R:%s' % pol.principal_name if pol.type == 'owner': policy.owner = principal_name else: principals = getattr(policy, pol.type, []) principals.append(principal_name) setattr(policy, pol.type, principals) return policy
def _load_policy(self, spolicy): policy = Policy() if spolicy is not None: for pol in spolicy: principal_name = pol.principal_name if pol.principal_type == 'R': principal_name = 'R:%s' % pol.principal_name if pol.type == 'owner': policy.owner = principal_name else: principals = getattr(policy, pol.type, []) principals.append(principal_name) setattr(policy, pol.type, principals) return policy
def remove_from_policy(user_to_remove, policy): """ remove the user from the policy. Manage should already have been checked ignore the owner section, so that if the owner is removed they can add themselves back in. NB - that will require extra code somewhere """ new_policy = Policy() for attr, values in policy.__dict__.iteritems(): if attr != 'owner' and user_to_remove.usersign in getattr(policy, attr): setattr(new_policy, attr, getattr(policy, attr)) getattr(new_policy, attr).remove(user_to_remove.usersign) else: setattr(new_policy, attr, getattr(policy, attr)) new_policy.owner = policy.owner return new_policy
def test_reuse_policy_object(): """ Explicitly test a bug fix in policy handling wherein the owner field could get transformed into (and stay) a list thus ruining second use. Not that second use is encourage, but it could happen. """ policy = Policy() policy.owner = u"campy" bag = Bag("policytest1") bag.policy = policy store.put(bag) bag = Bag("policytest2") bag.policy = policy store.put(bag) bag1 = store.get(Bag("policytest1")) bag2 = store.get(Bag("policytest2")) assert bag1.policy.owner == "campy" assert bag2.policy.owner == "campy" assert bag1.policy.owner == bag2.policy.owner
def test_reuse_policy_object(): """ Explicitly test a bug fix in policy handling wherein the owner field could get transformed into (and stay) a list thus ruining second use. Not that second use is encourage, but it could happen. """ policy = Policy() policy.owner = u'campy' bag = Bag('policytest1') bag.policy = policy STORE.put(bag) bag = Bag('policytest2') bag.policy = policy STORE.put(bag) bag1 = STORE.get(Bag('policytest1')) bag2 = STORE.get(Bag('policytest2')) assert bag1.policy.owner == 'campy' assert bag2.policy.owner == 'campy' assert bag1.policy.owner == bag2.policy.owner